Identity Manager architecture overview
Smart ID Identity Manager consists of these applications:
Identity Manager Admin: Configuration of the system
Identity Manager Operator: Client user interface for the daily operational usage
Smart ID Self-Service: End-user portal for certain person- or card-based functions
Identity Manager Tenant: The tenant management tool for configuration and runtime system
Identity Manager has the following basic architecture:
J2EE/Java-based server
SQL database, connected to the application server
User Interface (HTML5 client)
Identity Manager architecture
Workflow engine
Smart ID Identity Manager is based on a BPMN 2.0-compliant workflow engine that allows custom configuration of every identity management process. The configuration is created within Identity Manager Admin or with an external BPMN editor. Alternatively, Smart ID Workforce/Workplace Use Cases or Smart ID Modules can be used. For more information, see Smart ID architecture overview.
Process API
Smart ID Identity Manager offers a REST interface to call any process configured within the workflow engine. See Identity Manager Process REST API.
HTTP Clients
Smart ID Identity Manager offers a special task to call any HTTP-based REST API. The interface can be configured in the Identity Manager Admin user interface. See Set up Http Clients in Identity Manager.
Connectors
For more information on the supported systems and versions, see Identity Manager requirements and interoperability, Set up AriadNext connector, and Set up Workspace One connector.
Corporate directory
The LDAP connector enables searching and reading identity information from an LDAP directory, such as Active Directory. User authentication with a directory-stored password and group-based role assignment are also supported.
Alternatively, Identity Manager can connect to different HR systems via SCIM or CSV file import/export.
Certificate authority
Through the PKI connectors, Identity Manager PKI applications can request, renew, and revoke certificates at a certificate authority (CA). The PKI connector delivers the names of the certificate templates that the CA makes available for use. These templates are mapped to Identity Manager certificate types. Multiple CA connections are possible.
Smart cards and software tokens can contain any number of certificates that may be issued by different CAs.
Identity Manager DB Server
All configuration and runtime data is stored in an SQL database.
Capture client
Identity assurance, data, image and signature capturing.
Production client
Card printing and encoding, batch production.